COVID-19 is causing the world’s first ever mass migration of office-based employees to remote working, and it will ask serious questions of technology and security teams. Never before has the effectiveness of their home working policies been challenged in such a way.
Here, our CEO Ed Macnair answers some questions on how organisations can address this problem.
- Sum up the problem for everyone?
In short, remote working will always cause a problem for IT teams because your people are no longer inside a defined and protected perimeter.
In essence, your attack surface fragments and is dispersed into people’s living rooms, sheds and the coffee shop down the road. COVID-19 driving people to work from home will cause this on a bigger scale and for a longer period of time than before. More exposure means more chance of attack.
- Isn’t every company ready for remote working now though?
A lot are, but not all companies have a remote working policy in place. Of those that do, I would doubt few have had the forethought to crisis plan to this degree, which means the security team is dealing with unknowns.
SMEs in particular, where resource is more tightly constrained, will probably not have an off-the-shelf policy for a situation where remote working takes place for such a period of time.
Strategically, companies will have to start preparing long-term cyber security plans for managing their tech estate and user-base from a distance. More tactically, I think it will open up a whole raft of daily issues that we have never even considered. Technology infrastructure will also be tested on-premises, in the cloud, and even at a national level.
- What will people do when at home, that puts companies at risk?
Firstly, it presents an opportunity for attackers. We know they are very creative and do not care about using human suffering to bolster their chances of stealing your data.
I think they will use the rather unusual situation as an opportunity to attempt malicious access into the services employees use in the cloud, so things like O365, Salesforce and other SaaS tools. If I was an attacker, I would learn which companies have sent employees to home-work by scouring social feeds and spin up a targeted phishing campaign looking to steal their login credentials.
Once inside, I would start collecting intel that would let me move sideways and steal as much data as possible. As part of this, I would probably also set up a bunch of watering holes for the organisation I want to attack and try to lure users into giving up credentials this way, perhaps by masquerading as an OWA portal or similar. Larger enterprises will be wise to this and will be vigilant; small companies will need to be more attentive to this.
- What five practical tips would you give to improve remote working cyber security?
- Multi-Factor Authentication (MFA) will be crucial. With an increase in people trying to spoof users, it will help prove whether logins are legitimate or not. Turn Software as a Service (SaaS) product MFA options on and educate users. You will probably have to educate many times if we are looking at a sustained period.
- I would also look at web filtering to strip out any malicious sites. This will reduce the aforementioned watering hole problem. More importantly though, it will also stop users generally going to sites that they may not have done whilst in the office, which often host bad things.
- Endpoint hygiene will also be important. This means installing an AV which updates automatically and hopefully challenges any stupid downloads from users. I would also ensure gateway protection settings on the endpoint remain the same as at head-office to protect against malicious web visits.
- With VPNs, make sure settings and policies are reviewed to suit the army of mobile users you have just inherited, as opposed to being relevant to admins. Also, resist short-term firewall changes – these will only prove a headache in the long term.
- Split tunnelling may be useful in this situation. I would consider sending Internet and O365 traffic directly from home, with specific application traffic going over a VPN. If you allow O365 and Internet traffic to go directly then ensure you have an agent-based web filtering product to protect your users.
- Is there any upside for this situation that doesn’t apply to normal remote working?
I think the mostly fixed location of this workforce reduces the risk profile. Being at home, rather than roving because of increased virus worries, means people are more likely to connect using trusted devices, for example on home routers. This decreases data theft and man-in-the-middle threat from people logging on over public Wi-Fi.
Secondly, the physical security risk is also decreased. There is very little risk of someone looking over your shoulder and stealing data and information when at home, unless the cat has it in for you…
Download our Remote Working Checklist to ensure you have the correct solutions in place to secure your workforce when working from home. There are many ways we can support organisations in staying secure; contact us and we will be happy to help.